- Complete rewrite focused on technical users and immediate value
- Added brain factory header image with descriptive alt text
- Improved accessibility with proper heading structure and emoji placement
- Streamlined content with focus on architecture and performance
- Clear examples and quick start instructions
- Enhanced troubleshooting and monitoring sections
- Better link text for screen reader compatibility
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Removed version pin from @anthropic-ai/claude-code to allow automatic updates
- Added hadolint ignore directive for DL3016 on this specific line
- This allows us to stay current with Claude Code updates while maintaining security for other packages
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed python3-pip version to 23.0.1+dfsg-1 (without +deb12u1 suffix)
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated git version to 1:2.39.5-0+deb12u2
- Updated curl version to 7.88.1-10+deb12u12
- Use wildcard for Docker CLI version (5:27.*) for better compatibility
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Set SHELL with pipefail option (DL4006)
- Pin all apt package versions (DL3008)
- Add --no-install-recommends flag to apt-get (DL3015)
- Pin Claude Code npm package version to 1.0.3 (DL3016)
- Fix groupadd/usermod error handling pattern (SC2015)
- Consolidate RUN instructions for permission changes (DL3059)
These changes address all Hadolint warnings and improve container security.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove Node.js 18.x from PR workflow test matrix
- Update README.md to require Node.js 20+ instead of 16+
- Add engines field to package.json specifying Node.js >=20.0.0
- Fix linting issues (unused import and indentation)
This addresses the compatibility issue with @octokit/rest v22.0.0
which dropped support for Node.js 18, simplifying our CI/CD pipeline
and ensuring consistent Node.js version requirements.
Resolves#68🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
The auto-tagging functionality was failing because the specialized entrypoint script was not included in the Docker image build. This adds the missing script to the /scripts/runtime directory and ensures proper permissions.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove complex error response tracking from tests
- Simplify all responses to standard webhook success format
- Update test expectations to match new selective workflow triggering
- Remove outdated test scenarios that don't apply to new implementation
- All tests now pass with cleaner, more focused assertions
The tests now properly reflect our simplified approach:
- Single environment variable controls which workflow triggers reviews
- Standard webhook responses for all scenarios
- Repository-independent configuration
- No complex error result tracking
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add PR_REVIEW_TRIGGER_WORKFLOW environment variable for precise control
- Make automated PR reviews repository-independent
- Fix Docker security scan conditional logic in pr.yml
- Add security job dependencies to docker-build job
- Filter out CodeQL/analysis-only workflows from triggering PR reviews
- Update documentation with new configuration options
- Partial test fixes for new workflow filtering logic
This prevents multiple PR reviews from different check suites and makes
the system work across any repository with proper configuration.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create dedicated PR workflow (pr.yml) with comprehensive CI checks
- Remove pull_request triggers from ci.yml, security.yml, and deploy.yml
- Remove develop branch references for trunk-based development
- Include security scans, CodeQL analysis, and Docker builds in PR workflow
- Prevent automated PR review from triggering multiple times
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated awsCredentialProvider tests to mock fs.promises.readFile
- Changed all readFileSync references to readFile in test mocks
- All tests now pass with the async file operations
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Convert async file operations in awsCredentialProvider.js to use fs.promises
- Add eslint-disable comments for necessary sync operations during initialization
- Fix warnings in logger.js, secureCredentials.js, and test files
- All 21 linter warnings resolved
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove temp file approach that used invalid @file syntax with Docker
- Pass long commands directly as environment variables
- Update test to verify long command handling without temp files
- Remove unused fsSync import
The previous implementation attempted to use Docker's non-existent @file
syntax for reading environment variables from files, which caused the
COMMAND variable to be empty in the container.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add explicit check to skip build job on pull requests
- Ensures Docker images are only built after merge to main or on version tags
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace all self-hosted runners with ubuntu-latest
- Docker builds now only run on main branch or version tags, not on PRs
- Reduces stress on self-hosted infrastructure
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Delete placeholder E2E test file that only tested mocked values
- Remove empty integration test directories (aws/, claude/, github/)
- Clean up package.json test scripts (removed test:integration and test:e2e)
- Update CI workflow to remove E2E test job
These placeholder tests provided no real value as they only verified
hardcoded mock responses. Real E2E and integration tests can be added
when there's actual functionality to test.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add path filtering to deploy.yml to match ci.yml pattern.
This should prevent Docker builds when only documentation changes.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit should NOT trigger Docker builds since only README changed.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Security scans run faster on GitHub runners than self-hosted
- E2E tests are minimal (1 scenario) so GitHub runners are sufficient
- Only keep Docker builds on self-hosted since they're resource intensive
- Results in faster CI execution and better cost efficiency
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Prevent malicious PRs from forks running on self-hosted infrastructure by
restricting self-hosted jobs to only run for:
- Direct pushes (not PRs from forks)
- PRs from intelligence-assist org members
This protects against potential security vulnerabilities while maintaining
functionality for trusted contributors.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Using standard ubuntu-latest (2-core) runners for light jobs to avoid
additional costs beyond GitHub Team plan. Heavy jobs still use self-hosted.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fix label capitalization: linux,x64 → Linux,X64 to match actual runner
- Strategic job distribution: heavy tasks on self-hosted, light tasks on GitHub 4-core
- Ensures jobs are picked up by homeserver runner instead of queuing indefinitely
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Simplified runner labels from complex arrays to simple 'self-hosted' to match
actual runner configuration and ensure jobs are picked up properly.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Move all jobs from GitHub-hosted to self-hosted runners
- Leverage 16-core self-hosted infrastructure for all workloads
- Maintain parallel execution benefits with dedicated hardware
- Expected dramatic performance improvement across all pipelines
- Split test jobs into parallel units (lint, unit, integration, e2e, coverage)
- Move Docker builds to self-hosted runners for better performance
- Use ubuntu-latest-4-cores for faster GitHub-hosted CI jobs
- Add aggressive caching for npm dependencies and Docker layers
- Parallelize security scans with other jobs instead of sequential execution
- Optimize job dependencies to reduce pipeline wall-clock time
Expected performance improvements:
- CI Pipeline: ~60% faster due to parallel execution
- Docker Builds: ~40% faster on self-hosted infrastructure
- Overall pipeline: ~50% reduction in total execution time
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create unified SignatureHelper utility for consistent crypto operations
- Create WebhookTestHelper for streamlined webhook testing
- Remove duplicate test files and consolidate functionality
- Update generate-signature.js to use new utilities and remove hardcoded secrets
- Fix webhook signature verification to handle different buffer lengths
- Standardize test patterns across webhook and unit tests
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Security scanning requires pushed images, which are not available
in PR context. Only run security scans on push events.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
